Does anyone have a very basic beginner's guide to using Linen (via Helix 3)? I am pretty new to Linux in general, and was surprised to find little out there in the way of user guides. There are a few YouTube clips but the quality wasn't great so I clearly see all the commands. The version of Linen on the copy of Helix I have is 6.12.0.21. I want to do a few test acquisitions of the internal drive on my laptop and write them out to an NTFS-formatted USB. From what I gather you can use NTFS on newer releases of Linen.
Out of interest, are there any alternative boot CDs with built-in forensic imaging applications that you use, and how do they compare to Linen?
Many Thanks
Out of interest, are there any alternative boot CDs with built-in forensic imaging applications that you use, and how do they compare to Linen?
Well, more or less this is asking to do a comparative review of several available Linux-based boot CDs + a few different builds of WinFE.
You can try Caine
http//
which includes, among other tools, guymager
http://guymager.sourceforge.net/
And a build of WinFE including (say) FTK Imager and/or clonedisk and DMDE
http://winfe.wordpress.com/
http//
The latter .zip is MIA at the moment, but for the sake of quick testing you can get a previous version from the Wayback Machine
https://
jaclaz
Does anyone have a very basic beginner's guide to using Linen (via Helix 3)?
It's not for beginners – and Guidance Software probably wants you to attend one of their courses to learn how to use LinEn. I've tried it out a couple of times, but I see little reason to use it. The forensic dd versions are usually easier, not least because they're command line tools, so you can see what's going on.
From what I gather you can use NTFS on newer releases of Linen.
It doesn't depend on LinEn, but on the Linux platform it runs on. Modern ones do support writing to NTFS. Helix 3 is a bit old, though – can't remember if it has a good version of NTFS. At one time you had to mount a target NTFS drive as -t ntfs-3g … but that may be even further back.
Out of interest, are there any alternative boot CDs with built-in forensic imaging applications that you use, and how do they compare to Linen?
Lots. Raptor and Kali Linux are the first two that come to mind, but there are several others. See http//
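As an added example (not posted by anyone in this thread): a minimal dd-based acquisition to a mounted target with hash verification, following the "forensic dd" and ntfs-3g remarks above. The function names `acquire_image` and `verify_image`, and the device names and mount point in the comments, are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Device names and paths are placeholders.
#
# Before imaging, the NTFS target would be mounted read-write, e.g.
#   mount -t ntfs-3g /dev/sdX1 /mnt/target   # form needed on older live CDs
# The source drive is only ever read, never mounted.

# acquire_image SRC DEST
# Copies SRC to DEST with dd, hashing the data as it is read, then re-reads
# DEST and compares. Records the hash in DEST.sha256 and prints it.
acquire_image() {
    src=$1; dest=$2
    if [ ! -r "$src" ]; then echo "cannot read $src" >&2; return 2; fi
    if [ -e "$dest" ]; then echo "refusing to overwrite $dest" >&2; return 3; fi
    rm -f "$dest.failed"
    # Single pass over the source: tee writes the image while sha256sum
    # hashes the same bytes. Plain dd stops at the first read error, which
    # is flagged below; a failing disk calls for ddrescue instead.
    src_hash=$( { dd if="$src" bs=64k 2>/dev/null || : > "$dest.failed"; } \
                | tee "$dest" | sha256sum | cut -d' ' -f1 )
    if [ -e "$dest.failed" ]; then
        echo "read error on $src, image incomplete" >&2; return 4
    fi
    # Re-read the written image (may be served from cache; verify_image
    # after a remount gives an independent check).
    img_hash=$(sha256sum < "$dest" | cut -d' ' -f1)
    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: $src_hash vs $img_hash" >&2; return 5
    fi
    echo "$img_hash" > "$dest.sha256"
    echo "$img_hash"
}

# verify_image DEST: re-hash DEST against the recorded DEST.sha256.
verify_image() {
    [ "$(sha256sum < "$1" | cut -d' ' -f1)" = "$(cat "$1.sha256")" ]
}
```

On a real acquisition it would be called as `acquire_image /dev/sdX /mnt/target/laptop.dd` from the live CD's shell, with the device name being whatever that boot environment assigns.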
Guymager did best in my testing of imagers.
https://
It's in several live CDs.
Hi
Many tools can acquire disk images. If you are interested in LinEN, first make sure the Subject and Examiner laptop/PC are on the LAN and the network connection is ready. Then use the LinEN live CD to boot the Subject, follow the instructions and input the necessary info, then the service is listening… Second, you run EnCase on the Examiner to add network evidence… that's how LinEN works…
Suggest you get some basic Linux and network knowledge first, then you will find it easy to use.
Wish you success
Rick
Not a huge fan of Linen to be honest. Personally I would get a copy of DEFT 8 (freely available), boot to that and use Guymager, DD or DD rescue depending on your needs.